On 03.04.2018 13:45, Andrey V. Elsukov wrote:
>> Can anybody give any hint about the above behaviours or point me to good
>> documentation? The man pages is very brief on this, unfortunately.
>
> Hi,
>
> ipfw uses M_SKIP_FIREWALL flag for self-generated packets. Thus
> keep-alive packets are sent
On 03.04.2018 13:15, Andrea Venturoli wrote:
> Test 3: let's introduce NAT
>
>> ipfw add 99 skipto 1 tcp from any to external-host http setup
>> keep-state
>
> (skipto 1 is used to allow nat rules).
> With the same external host as before, now the rule times out!
>
> Test 5: fwd to a ja
Hello.
I'm trying to find out how dyn_keepalive works.
From ipfw(8):
net.inet.ip.fw.dyn_keepalive: 1
Enables generation of keepalive packets for keep-state rules on
TCP sessions. A keepalive is generated to both sides of the con-
nection every 5 seco
